Adding managed policies input

README.md

@@ -62,7 +62,7 @@ jobs:
 
     steps:
     - name: Create deploy-bucket
-      uses: bitovi/github-actions-deploy-static-site-to-aws@v0.2.3
+      uses: bitovi/github-actions-deploy-static-site-to-aws@v0.2.7
       with:
         aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -91,7 +91,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Create deploy-bucket
-        uses: bitovi/github-actions-deploy-static-site-to-aws@v0.2.3
+        uses: bitovi/github-actions-deploy-static-site-to-aws@v0.2.7
         with:
           aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -106,6 +106,7 @@ jobs:
 
           aws_site_cdn_enabled: true
           aws_site_cdn_custom_error_codes: '[{\"error_caching_min_ttl\":\"0\",\"error_code\":\"403\",\"response_code\":\"200\",\"response_page_path\":\"/index.html\"},{\"error_caching_min_ttl\":\"0\",\"error_code\":\"404\",\"response_code\":\"404\",\"response_page_path\":\"/custom_404.html\"}]'
+          aws_site_cdn_response_headers_policy_id: "eaab4381-ed33-4a86-88ca-d9558dc6cd63"
 
           aws_r53_domain_name: bitovi-sandbox.com
           aws_r53_sub_domain_name: catalog-mfe
@@ -117,7 +118,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Create deploy-bucket
-        uses: bitovi/github-actions-deploy-static-site-to-aws@v0.2.3
+        uses: bitovi/github-actions-deploy-static-site-to-aws@v0.2.7
         with:
           aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -195,6 +196,7 @@ The following inputs can be used as `step.with` keys
 | `aws_site_cdn_enabled` | Boolean | Enable or disables the use of CDN. Defaults to `false`. |
 | `aws_site_cdn_aliases` | String | Extra CNAMEs (alternate domain names), if any, for this distribution. Defaults to defined domain if none passed. (See note). |
 | `aws_site_cdn_custom_error_codes` | JSON | Custom error codes to define in CDN. Like `[{\"error_caching_min_ttl\":\"0\",\"error_code\":\"403\",\"response_code\":\"200\",\"response_page_path\":\"/index.html\"}]`. See [this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution.html#custom-error-response-arguments). |
+| `aws_site_cdn_response_headers_policy_id` | String | Comma separated list of response headers policy IDs for CloudFront. Eg. `Managed-CORS-with-preflight-and-SecurityHeadersPolicy` is `eaab4381-ed33-4a86-88ca-d9558dc6cd63`. |
 <hr/>
 <br/>
 

action.yaml

@@ -73,6 +73,9 @@ inputs:
   aws_site_cdn_custom_error_codes:
     description: 'Customize error codes, Definition done with JSON variables'
     required: false
+  aws_site_cdn_response_headers_policy_id:
+    description: 'Comma separated list of response headers policy IDs for CloudFront. Eg. Managed-CORS-with-preflight-and-SecurityHeadersPolicy is 67f7725c-6f97-4210-82d7-5512b31e9d42.'
+    required: false
 
   # AWS Route53 Domains and Certificates
   aws_r53_domain_name:
@@ -136,6 +139,7 @@ runs:
         AWS_SITE_CDN_ENABLED: ${{ inputs.aws_site_cdn_enabled }}
         AWS_SITE_CDN_ALIASES: ${{ inputs.aws_site_cdn_aliases }}
         AWS_SITE_CDN_CUSTOM_ERROR_CODES: ${{ inputs.aws_site_cdn_custom_error_codes }}
+        AWS_SITE_CDN_RESPONSE_HEADERS_POLICY_ID: ${{ inputs.aws_site_cdn_response_headers_policy_id }}
         # AWS Route53 Domains abd Certificates
         AWS_R53_DOMAIN_NAME: ${{ inputs.aws_r53_domain_name }}
         AWS_R53_SUB_DOMAIN_NAME: ${{ inputs.aws_r53_sub_domain_name }}
@@ -209,7 +213,7 @@ runs:
       if: ${{ success() && steps.apply.outputs.public_url != '' }}
       shell: bash
       run: |
-        echo "## It's published! :rocket:" >> $GITHUB_STEP_SUMMARY
+        echo "# It's published! :rocket:" >> $GITHUB_STEP_SUMMARY
         echo ${{ steps.apply.outputs.public_url }} >> $GITHUB_STEP_SUMMARY
 
     - name: Print result
@@ -233,3 +237,15 @@ runs:
         echo "## Workflow failed to run :fire:" >> $GITHUB_STEP_SUMMARY
         echo "Please check the logs for possible errors." >> $GITHUB_STEP_SUMMARY
         echo "If you consider this is a bug in the Github Action, please submit an issue to our repo." >> $GITHUB_STEP_SUMMARY
+
+    - name: Print footer
+      if: ${{ success() && steps.apply.outputs.public_url != '' }}
+      shell: bash
+      run: |
+        echo "" >> $GITHUB_STEP_SUMMARY
+        echo "---" >> $GITHUB_STEP_SUMMARY
+        echo "# Made by  [![Bitovi](https://www.bitovi.com/hubfs/limbo-generated/imgs/logos/bitovi-logo-23.svg)](https://bitovi.com)" >> $GITHUB_STEP_SUMMARY
+        echo ""  >> $GITHUB_STEP_SUMMARY
+        echo "Check the rest of our actions in the [GitHub Marketplace](https://github.com/marketplace?category=&type=actions&verification=&query=bitovi)!"  >> $GITHUB_STEP_SUMMARY
+        echo ""  >> $GITHUB_STEP_SUMMARY
+        echo "You can get help or ask questions on our [Discord Channel](https://discord.gg/J7ejFsZnJ4Z), or set up a free consultation on our [platform engineering website](https://www.bitovi.com/services/devops-consulting/platform-engineering)." >> $GITHUB_STEP_SUMMARY

scripts/generate_deploy.sh

@@ -97,6 +97,7 @@ aws_site_bucket_name=$(generate_var aws_site_bucket_name $AWS_SITE_BUCKET_NAME)
 aws_site_cdn_enabled=$(generate_var aws_site_cdn_enabled $AWS_SITE_CDN_ENABLED)
 aws_site_cdn_aliases=$(generate_var aws_site_cdn_aliases $AWS_SITE_CDN_ALIASES)
 aws_site_cdn_custom_error_codes=$(generate_var aws_site_cdn_custom_error_codes $AWS_SITE_CDN_CUSTOM_ERROR_CODES)
+aws_site_cdn_response_headers_policy_id=$(generate_var aws_site_cdn_response_headers_policy_id $AWS_SITE_CDN_RESPONSE_HEADERS_POLICY_ID)
 aws_site_root_object=$(generate_var aws_site_root_object $AWS_SITE_ROOT_OBJECT)
 aws_site_error_document=$(generate_var aws_site_error_document $AWS_SITE_ERROR_DOCUMENT)
 aws_r53_domain_name=$(generate_var aws_r53_domain_name $AWS_R53_DOMAIN_NAME)
@@ -119,6 +120,7 @@ $aws_site_bucket_name
 $aws_site_cdn_enabled
 $aws_site_cdn_aliases
 $aws_site_cdn_custom_error_codes
+$aws_site_cdn_response_headers_policy_id
 $aws_site_root_object
 $aws_site_error_document
 $aws_r53_domain_name

terraform_code/main.tf

@@ -135,6 +135,12 @@ resource "aws_s3_bucket_policy" "aws_site_website_bucket_policy" {
 
 ### CDN 
 
+locals {
+  aws_site_cdn_response_headers_policy_id = var.aws_site_cdn_response_headers_policy_id != "" ? [
+    for n in split(",", var.aws_site_cdn_response_headers_policy_id) : (n)
+  ] : []
+}
+
 ### CDN Without DNS
 resource "aws_cloudfront_distribution" "cdn_static_site_default_cert" {
   count               = var.aws_site_cdn_enabled ? ( local.cert_available ? 0 : 1 ) : 0
@@ -165,6 +171,7 @@ resource "aws_cloudfront_distribution" "cdn_static_site_default_cert" {
         forward = "none"
       }
     }
+    response_headers_policy_id = length(local.aws_site_cdn_response_headers_policy_id) > 0 ? local.aws_site_cdn_response_headers_policy_id[0] : null
   }
 
   restrictions {
@@ -220,6 +227,7 @@ resource "aws_cloudfront_distribution" "cdn_static_site" {
         forward = "none"
       }
     }
+    response_headers_policy_id = length(local.aws_site_cdn_response_headers_policy_id) > 0 ? local.aws_site_cdn_response_headers_policy_id[0] : null
   }
 
   restrictions {

terraform_code/variables.tf

@@ -61,6 +61,12 @@ variable "aws_site_cdn_custom_error_codes" {
   default     = "{}"
 }
 
+variable "aws_site_cdn_response_headers_policy_id" {
+  description = "Comma separated list of response headers policy IDs for CloudFront."
+  type        = string
+  default     = ""
+}
+
 variable "aws_r53_domain_name" {
   description = "root domain name without any subdomains"
   type        = string